Class SSECustomerKey

Represents a customer provided key for use with Amazon S3 server-side
encryption.
Server-side encryption is about data encryption at rest, that is, Amazon S3
encrypts your data as it writes it to disks in its data centers and decrypts
it for you when you access it. Amazon S3 manages encryption and decryption
for you.
This class allows you to specify your own encryption key for Amazon S3 to use
when encrypting your data on the server-side, instead of allowing Amazon to
automatically generate an encryption key for you.
For more information on Amazon S3 server-side encryption, see:
http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html
This encryption is done entirely on the server-side. Your data is transmitted
to Amazon S3 over a secure SSL connection and then encrypted when it reaches
Amazon's servers. The SDK also offers client-side encryption, where the encryption
keys and unencrypted data never leave your machines.
For more information on client-side encryption for Amazon S3 data, see:
http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html

Constructor Detail

SSECustomerKey

Constructs a new customer provided server-side encryption key using the specified
base64-encoded key material.
By default, this is assumed to be an AES-256 key, but the key algorithm
can be set through the setAlgorithm(String) method.
Currently, Amazon S3 only supports AES-256 encryption keys.

Parameters:

base64EncodedKey - The base 64 encoded encryption key material.

SSECustomerKey

public SSECustomerKey(byte[] rawKeyMaterial)

Constructs a new customer provided server-side encryption key using the
specified raw key material.
By default, this is assumed to be an AES-256 key, but the key algorithm
can be set through the setAlgorithm(String) method.
Currently, Amazon S3 only supports AES-256 encryption keys.

SSECustomerKey

Constructs a new customer provided server-side encryption key using the
specified SecretKey.
By default, this is assumed to be an AES-256 key, but the key algorithm
can be set through the setAlgorithm(String) method.
Currently, Amazon S3 only supports AES-256 encryption keys.

withAlgorithm

Sets the encryption algorithm to use with this customer-provided
server-side encryption key, and returns this object so that method calls
can be chained together.
Currently, "AES256" is the only supported algorithm.

Parameters:

algorithm - The server-side encryption algorithm to use with this
customer-provided server-side encryption key.

Returns:

The updated ServerSideEncryptionKey object, so that method calls
may be chained together.

getMd5

Returns the optional base64-encoded MD5 digest of the encryption key to
use when validating the integrity of the transmitted server-side
encryption key.
If a MD5 digest is not explicitly specified, then it will be
automatically calculated.

Returns:

The base64-encoded MD5 digest of this customer-provided
server-side encryption key.

setMd5

Sets the optional MD5 digest (base64-encoded) of the encryption key to use when
encrypting the object. This will be used as a message integrity check
that the key was transmitted without error. If not set, the SDK will fill
in this value by calculating the MD5 digest of the secret key, before
sending the request.

Parameters:

md5Digest - The MD5 digest (base64-encoded) of the encryption key to use
when encrypting the object.

withMd5

Sets the optional MD5 digest (base64-encoded) of the encryption key to
use when encrypting the object, and returns the updated object so that
additional method calls can be chained together. This will be used as a
message integrity check that the key was transmitted without error. If
not set, the SDK will fill in this value by calculating the MD5 digest of
the secret key, before sending the request.

Parameters:

md5Digest - The MD5 digest (base64-encoded) of the encryption key to use
when encrypting the object.

Returns:

The updated object, so that additional method calls can be
chained together.